Cloud users have permissions attached directly through inline policies. This increases the attack surface of your AWS account.
AWS recommends granting permissions through a group and adding users to that group, rather than attaching policies directly to a user, for easier user permission management.
In AWS Console -
In Terraform -
Rather than using the aws_iam_user_policy resource to attach an inline policy directly to a user, use aws_iam_group_membership to designate the users in a specific group.
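The change described above, as an added example that is not part of the original page: the flagged inline user policy is shown commented out beside the group-based replacement. The user, group, policy and bucket names are constructed for illustration.

```hcl
# Constructed names: alice, s3-readers, s3-read, example-bucket.
resource "aws_iam_user" "alice" {
  name = "alice"
}

data "aws_iam_policy_document" "s3_read" {
  statement {
    effect    = "Allow"
    actions   = ["s3:GetObject"]
    resources = ["arn:aws:s3:::example-bucket/*"]
  }
}

# Before (flagged): inline policy attached directly to the user.
# resource "aws_iam_user_policy" "alice_s3_read" {
#   name   = "s3-read"
#   user   = aws_iam_user.alice.name
#   policy = data.aws_iam_policy_document.s3_read.json
# }

# After: the permissions live on a group as a managed policy...
resource "aws_iam_group" "s3_readers" {
  name = "s3-readers"
}

resource "aws_iam_policy" "s3_read" {
  name   = "s3-read"
  policy = data.aws_iam_policy_document.s3_read.json
}

resource "aws_iam_group_policy_attachment" "s3_readers" {
  group      = aws_iam_group.s3_readers.name
  policy_arn = aws_iam_policy.s3_read.arn
}

# ...and the user receives them only through group membership.
# aws_iam_group_membership manages the group's member list exclusively,
# so declare it once per group and list every member here.
resource "aws_iam_group_membership" "s3_readers" {
  name  = "s3-readers-membership"
  group = aws_iam_group.s3_readers.name
  users = [aws_iam_user.alice.name]
}
```

If several modules need to add users to the same group independently, the provider's aws_iam_user_group_membership resource manages membership per user without taking ownership of the whole list.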
References:
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_change-permissions.html#users_change_permissions-add-console
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_group_membership